Re: [keycloak-user] Generate offline token
On 3 November 2015 at 09:32, Thomas Raehalme <
thomas.raehalme(a)aitiofinland.com> wrote:
On Tue, Nov 3, 2015 at 10:23 AM, Stian Thorgersen
<sthorger(a)redhat.com>
wrote:
> * Create service account for customers - they can then use this to obtain
> a token (offline or standard refresh) using REST endpoints on Keycloak
>
Sorry to step in, but could you please explain the use case or the
reasoning for offline tokens on service accounts? If I have understood it
correctly you'll still need clientId and secret to generate the access
token from the offline token. Why not just use them to login whenever
necessary? Thanks!
I wouldn't use offline tokens myself, but if you want to provide customers
with a "token" rather than a service account it should be an offline token.
Problem is that it'll be rather big, not just a short "api key".
Best regards,
Thomas
Attachments:
- attachment.html (text/html — 1.8 KB)